CLAIMS 



1. (Currently Amended) A method for responding to network intrusions, 
comprising: 

a) receiving an intrusion detection system (IDS) alert from an IDS sensor 
located in a network of computing resources, wherein said IDS alert indicates an 
unauthorized intrusion upon a remotely located computing resource in said network of 
computing resources, wherein said remotely located computing resource is modified 
by said unauthorized intrusion; 

b) identifying said IDS alert; and 

c) determining an appropriate response to said IDS alert that is identified at a 
location separate from said remotely located computing resource so that said 
determining said appropriate response is unaffected by said unauthorized intrusion; 
and 

d) automatically implementing said appropriate response to mitigate damage to 
said network of computing resources from said unauthorized intrusion by isolating said 
remotely located computing resource, wherein said implementing said appropriate 
response comprises interfacing with a power controller that controls power to said 
computing resource to shut power to said computing resource. 

2. (Original) The method of Claim 1, wherein a) further comprises: 
a1) detecting a suspicious intrusion into said computing resource; 
a2) determining said suspicious intrusion is unauthorized; 

a3) generating said IDS alert; and 

a4) sending said IDS alert to an IDS manager that is located remotely from 
said computing resource within said network of computing resources. 

3. (Original) The method of Claim 2, wherein a2) further comprises: 
determining said suspicious intrusion is unauthorized when said suspicious 
intrusion matches with at least one of a list of unauthorized intrusions. 

4. (Original) The method of Claim 2, wherein a1) comprises: 

detecting said suspicious intrusion at a host-based intrusion detection system 
(HIDS) sensor located on said computing resource. 

5. (Original) The method of Claim 2, wherein a1) comprises: 
detecting said suspicious intrusion at a network-based intrusion detection 
system (NIDS) sensor located within said network of computing resources. 

6. (Canceled) 

7. (Original) The method of Claim 1, wherein d) further comprises: 

d1) interfacing with at least one switch, an associated switch, in said network 
of computing resources to virtually reconfigure said associated switch in order to 
virtually isolate said computing resource from remaining computing resources in said 
network of computing resources. 

8. (Original) The method of Claim 7, wherein said associated switch 
comprises an Ethernet switch. 

9. (Original) The method of Claim 7, wherein said associated switch 
comprises a Storage Area Network (SAN) switch. 

10. (Original) The method of Claim 7, wherein said at least one switch 
comprises a SAN switch and an Ethernet switch. 

11. (Original) The method of Claim 1, wherein said network of computing 
resources comprises a provisional data center. 

12. (Currently Amended) A method for responding to network intrusions, 
comprising: 

a) receiving an intrusion detection system (IDS) alert from an IDS sensor in a 
network of computing resources at a location separate from an infected computing 
resource, wherein said IDS alert indicates an unauthorized intrusion upon said 
infected computing resource in said network of computing resources, wherein 
implementation of a response to said IDS alert is unaffected by said unauthorized 
intrusion and wherein said unauthorized intrusion caused said computing resource to 
become infected; 

b) responding to said IDS alert by automatically interfacing with at least one 
switch in said network of computing resources to virtually reconfigure said at least one 
switch, an associated switch, in order to virtually isolate said computing resource from 
remaining computing resources in said network of computing resources; and 

c) responding to said IDS alert by automatically interfacing with a power 
controller that controls power to said computing resource to shut power to said 
computing resource. 

13. (Original) The method of Claim 12, wherein a) further comprises: 
a1) detecting a suspicious intrusion into said computing resource; 
a2) determining said suspicious intrusion is unauthorized; 

a3) generating said IDS alert; and 

a4) sending said IDS alert to an IDS manager that is located remotely from 
said computing resource within said network of computing resources. 

14. (Original) The method of Claim 13, wherein a2) further comprises: 
determining said suspicious intrusion is unauthorized when said suspicious 
intrusion matches with at least one of a list of unauthorized intrusions. 

15. (Original) The method of Claim 13, wherein a1) comprises: 

detecting said suspicious intrusion at a host-based intrusion detection system 
(HIDS) sensor located on said computing resource. 

16. (Original) The method of Claim 13, wherein a1) comprises: 
detecting said suspicious intrusion at a network-based intrusion detection 
system (NIDS) sensor located within said network of computing resources. 

17. (Original) The method of Claim 12, wherein said network of computing 
resources comprises a provisional data center. 

18. (Original) The method of Claim 12, wherein said switch couples said 
computing resource to a virtual local area network. 

19. (Original) The method of Claim 12, wherein said switch comprises an 
Ethernet switch. 

20. (Original) The method of Claim 12, wherein said associated switch 
comprises a Storage Area Network (SAN) switch. 

21. (Original) The method of Claim 12, wherein said at least one switch 
comprises a SAN switch and an Ethernet switch. 

22. (Original) The method of Claim 12, wherein further comprising: 
automatically interfacing with said associated switch in said network of 
computing resources; and 

automatically interfacing with said power controller. 

23. (Currently Amended) A computer system comprising: 

a bus for communicating information associated with a method for responding 
to network intrusions; 

a processor coupled to said bus for processing said information associated 
with said method for responding to network intrusions; and 

a computer readable memory coupled to said processor containing program 
instructions, that when executed by said processor, implement said method for 
responding to network intrusions, comprising: 

a) receiving an intrusion detection system (IDS) alert from an IDS sensor 
located in a network of computing resources, wherein said IDS alert indicates an 
unauthorized intrusion upon a remotely located computing resource in said network of 
computing resources, wherein said remotely located computing resource is modified 
by said unauthorized intrusion; 

b) identifying said IDS alert; and 

c) determining an appropriate response to said IDS alert that is identified at a 
location separate from said remotely located computing resource so that said 
determining said appropriate response is unaffected by said unauthorized intrusion; 
and 

d) automatically implementing said appropriate response to mitigate damage 
to said network of computing resources from said unauthorized intrusion by isolating 
said remotely located computing resource, wherein said implementing said 
appropriate response comprises interfacing with at least one switch, an associated 
switch, in said network of computing resources to virtually reconfigure said 
associated switch in order to virtually isolate said computing resource from 
remaining computing resources in said network of computing resources. 

24. (Original) The computer system of Claim 23, wherein a) in said method 
further comprises: 

a1) detecting a suspicious intrusion into said computing resource; 
a2) determining said suspicious intrusion is unauthorized; 
a3) generating said IDS alert; and 

a4) sending said IDS alert to an IDS manager that is located remotely from 
said computing resource within said network of computing resources. 

25. (Original) The computer system of Claim 24, wherein a2) in said method 
further comprises: 

determining said suspicious intrusion is unauthorized when said suspicious 
intrusion matches with at least one of a list of unauthorized intrusions. 

26. (Original) The computer system of Claim 24, wherein a1) in said method 
comprises: 

detecting said suspicious intrusion at a host-based intrusion detection system 
(HIDS) sensor located on said computing resource. 

27. (Original) The computer system of Claim 24, wherein a1) in said method 
comprises: 

detecting said suspicious intrusion at a network-based intrusion detection 
system (NIDS) sensor located within said network of computing resources. 

28. (Original) The computer system of Claim 23, wherein d) in said method 
further comprises: 

d1) interfacing with a power controller that controls power to said computing 
resource to shut power to said computing resource. 

29. (Canceled) 

30. (Previously Presented) The computer system of Claim 23, wherein said 
associated switch comprises an Ethernet switch. 

31. (Previously Presented) The computer system of Claim 23, wherein said 
associated switch comprises a Storage Area Network (SAN) switch. 

32. (Previously Presented) The computer system of Claim 23, wherein said at 
least one switch comprises a SAN switch and an Ethernet switch. 

33. (Previously Presented) The computer system of Claim 23, wherein said 
network of computing resources comprises a provisional data center. 